Merge r176930 - [Soup][Curl] HTTP header values should be treated as …

…latin1, not UTF-8

https://bugs.webkit.org/show_bug.cgi?id=128739

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-12-07
Reviewed by Martin Robinson.
Source/WebCore:

Removed UTF-8 conversion of HTTP header values (SOUP and CURL).
Removed unnecessary UTF-8 conversion of HTTP header names (SOUP).
Changed conversion of HTTP method from UTF-8 to ASCII (SOUP and CURL).
Added explicit UTF-8 conversion of Content-Disposition header to compute download suggested filename.

Test: http/tests/xmlhttprequest/response-special-characters.html

* platform/network/curl/CurlDownload.cpp:
(WebCore::CurlDownload::headerCallback): Removed header conversion.
* platform/network/curl/ResourceHandleManager.cpp:
(WebCore::headerCallback): Ditto.
(WebCore::ResourceHandleManager::initializeHandle): Changed HTTP method conversion to ASCI.
* platform/network/soup/ResourceRequestSoup.cpp:
(WebCore::ResourceRequest::updateFromSoupMessageHeaders): Removed header conversion.
(WebCore::ResourceRequest::updateSoupMessage): Changed HTTP method conversion to ASCII.
(WebCore::ResourceRequest::toSoupMessage): Ditto.
(WebCore::ResourceRequest::updateFromSoupMessage):
* platform/network/soup/ResourceResponseSoup.cpp:
(WebCore::ResourceResponse::updateFromSoupMessageHeaders): Rmoved header conversion.
(WebCore::ResourceResponse::platformSuggestedFilename): Added explicit conversion of contentDisposition to UTF-8.

LayoutTests:

Tests that non ascii header & reason phrase values are correctly retrieved by the web application.
headers.php script sends a response that includes non ascii header value.
not-ascii-status.php sends a response that includes non ascii reason phrase.
Removed specific gtk/efl expectations as now aligned with regular expectation.

* http/tests/xmlhttprequest/resources/headers.php: Added.
* http/tests/xmlhttprequest/resources/not-ascii-status.php: Added.
* http/tests/xmlhttprequest/response-special-characters-expected.txt: Added.
* http/tests/xmlhttprequest/response-special-characters.html: Added.
* platform/efl/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.
* platform/gtk/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.

Canonical link: https://commits.webkit.org/154760.259@webkitgtk/2.6
git-svn-id: https://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.6@178328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog

@@ -1,3 +1,22 @@
+2014-12-07  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [Soup][Curl] HTTP header values should be treated as latin1, not UTF-8
+        https://bugs.webkit.org/show_bug.cgi?id=128739
+
+        Reviewed by Martin Robinson.
+
+        Tests that non ascii header & reason phrase values are correctly retrieved by the web application.
+        headers.php script sends a response that includes non ascii header value.
+        not-ascii-status.php sends a response that includes non ascii reason phrase.
+        Removed specific gtk/efl expectations as now aligned with regular expectation.
+
+        * http/tests/xmlhttprequest/resources/headers.php: Added.
+        * http/tests/xmlhttprequest/resources/not-ascii-status.php: Added.
+        * http/tests/xmlhttprequest/response-special-characters-expected.txt: Added.
+        * http/tests/xmlhttprequest/response-special-characters.html: Added.
+        * platform/efl/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.
+        * platform/gtk/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.
+
 2014-12-05  Antti Koivisto  <antti@apple.com>
 
         REGRESSION (173394): Support for webcam is broken

LayoutTests/http/tests/xmlhttprequest/resources/headers.php

@@ -0,0 +1,11 @@
+<?php
+ header("Content-Type: text/plain");
+ header("X-Custom-Header: test");
+ header("Set-Cookie: test");
+ header("Set-Cookie2: test");
+ header("X-Custom-Header-Empty:");
+ header("X-Custom-Header-Comma: 1");
+ header("X-Custom-Header-Comma: 2", false);
+ header("X-Custom-Header-Bytes: …");
+ echo "TEST";
+?>

LayoutTests/http/tests/xmlhttprequest/resources/not-ascii-status.php

@@ -0,0 +1,4 @@
+<?php
+    header('HTTP/1.1 200 OK…');
+    echo "OK…";
+?>

LayoutTests/http/tests/xmlhttprequest/response-special-characters-expected.txt

@@ -0,0 +1,4 @@
+
+PASS non ascii response header value 
+PASS non ascii statusText 
+

LayoutTests/http/tests/xmlhttprequest/response-special-characters.html

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>XMLHttpRequest: getting response with funny characters</title>
+    <script src="/js-test-resources/testharness.js"></script>
+    <script src="/js-test-resources/testharnessreport.js"></script>
+    <!-- test file originating from W3C web platform test suite --> 
+  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      function run_test(name, setupFunction, assertFunction)
+      {
+          var test = async_test(name)
+          test.isAsserted = false
+          test.step(function() {
+            var client = new XMLHttpRequest()
+            client.onreadystatechange = function() {
+              test.step(function() {
+                if(client.readyState == 4) {
+                  test.isAsserted = true
+                  assertFunction(client)
+                }
+              })
+            }
+            client.onloadend = function() {
+              assert_true(test.isAsserted)
+              test.done()
+            }
+            setupFunction(client)
+            client.send(null)
+          })
+      }
+
+      run_test("non ascii response header value",
+        function(client){
+            client.open("GET", "resources/headers.php")
+        },function(client){
+            assert_equals(client.getResponseHeader("x-custom-header-bytes"), "\xE2\x80\xA6")
+        }
+      )
+
+      run_test("non ascii statusText",
+        function(client){
+            client.open("GET", "resources/not-ascii-status.php")
+        },function(client){
+            assert_equals(client.statusText, "OK\xE2\x80\xA6")
+        }
+      )
+  </script>
+ </body>
+</html>

Source/WebCore/ChangeLog

@@ -1,3 +1,31 @@
+2014-12-07  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        [Soup][Curl] HTTP header values should be treated as latin1, not UTF-8
+        https://bugs.webkit.org/show_bug.cgi?id=128739
+
+        Reviewed by Martin Robinson.
+
+        Removed UTF-8 conversion of HTTP header values (SOUP and CURL).
+        Removed unnecessary UTF-8 conversion of HTTP header names (SOUP).
+        Changed conversion of HTTP method from UTF-8 to ASCII (SOUP and CURL).
+        Added explicit UTF-8 conversion of Content-Disposition header to compute download suggested filename. 
+
+        Test: http/tests/xmlhttprequest/response-special-characters.html
+
+        * platform/network/curl/CurlDownload.cpp:
+        (WebCore::CurlDownload::headerCallback): Removed header conversion.
+        * platform/network/curl/ResourceHandleManager.cpp:
+        (WebCore::headerCallback): Ditto.
+        (WebCore::ResourceHandleManager::initializeHandle): Changed HTTP method conversion to ASCI.
+        * platform/network/soup/ResourceRequestSoup.cpp:
+        (WebCore::ResourceRequest::updateFromSoupMessageHeaders): Removed header conversion.
+        (WebCore::ResourceRequest::updateSoupMessage): Changed HTTP method conversion to ASCII.
+        (WebCore::ResourceRequest::toSoupMessage): Ditto.
+        (WebCore::ResourceRequest::updateFromSoupMessage):
+        * platform/network/soup/ResourceResponseSoup.cpp:
+        (WebCore::ResourceResponse::updateFromSoupMessageHeaders): Rmoved header conversion.
+        (WebCore::ResourceResponse::platformSuggestedFilename): Added explicit conversion of contentDisposition to UTF-8.
+
 2014-12-05  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Directional single quotation marks are not rotated in vertical text

Source/WebCore/platform/network/curl/CurlDownload.cpp

@@ -468,7 +468,7 @@ size_t CurlDownload::headerCallback(char* ptr, size_t size, size_t nmemb, void*
     size_t totalSize = size * nmemb;
     CurlDownload* download = reinterpret_cast<CurlDownload*>(data);
 
-    String header = String::fromUTF8WithLatin1Fallback(static_cast<const char*>(ptr), totalSize);
+    String header(static_cast<const char*>(ptr), totalSize);
 
     if (download)
         download->didReceiveHeader(header);

Source/WebCore/platform/network/curl/ResourceHandleManager.cpp

@@ -473,7 +473,7 @@ static size_t headerCallback(char* ptr, size_t size, size_t nmemb, void* data)
     size_t totalSize = size * nmemb;
     ResourceHandleClient* client = d->client();
 
-    String header = String::fromUTF8WithLatin1Fallback(static_cast<const char*>(ptr), totalSize);
+    String header(static_cast<const char*>(ptr), totalSize);
 
     /*
      * a) We can finish and send the ResourceResponse
@@ -1119,7 +1119,7 @@ void ResourceHandleManager::initializeHandle(ResourceHandle* job)
     else if ("HEAD" == method)
         curl_easy_setopt(d->m_handle, CURLOPT_NOBODY, TRUE);
     else {
-        curl_easy_setopt(d->m_handle, CURLOPT_CUSTOMREQUEST, method.latin1().data());
+        curl_easy_setopt(d->m_handle, CURLOPT_CUSTOMREQUEST, method.ascii().data());
         setupPUT(job, &headers);
     }
 

Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp

@@ -65,12 +65,12 @@ void ResourceRequest::updateFromSoupMessageHeaders(SoupMessageHeaders* soupHeade
     const char* headerName;
     const char* headerValue;
     while (soup_message_headers_iter_next(&headersIter, &headerName, &headerValue))
-        m_httpHeaderFields.set(String::fromUTF8(headerName), String::fromUTF8(headerValue));
+        m_httpHeaderFields.set(String(headerName), String(headerValue));
 }
 
 void ResourceRequest::updateSoupMessage(SoupMessage* soupMessage) const
 {
-    g_object_set(soupMessage, SOUP_MESSAGE_METHOD, httpMethod().utf8().data(), NULL);
+    g_object_set(soupMessage, SOUP_MESSAGE_METHOD, httpMethod().ascii().data(), NULL);
 
     GUniquePtr<SoupURI> uri = createSoupURI();
     soup_message_set_uri(soupMessage, uri.get());
@@ -80,7 +80,7 @@ void ResourceRequest::updateSoupMessage(SoupMessage* soupMessage) const
 
 SoupMessage* ResourceRequest::toSoupMessage() const
 {
-    SoupMessage* soupMessage = soup_message_new(httpMethod().utf8().data(), url().string().utf8().data());
+    SoupMessage* soupMessage = soup_message_new(httpMethod().ascii().data(), url().string().utf8().data());
     if (!soupMessage)
         return 0;
 
@@ -102,7 +102,7 @@ void ResourceRequest::updateFromSoupMessage(SoupMessage* soupMessage)
     if (shouldPortBeResetToZero)
         m_url.setPort(0);
 
-    m_httpMethod = String::fromUTF8(soupMessage->method);
+    m_httpMethod = String(soupMessage->method);
 
     updateFromSoupMessageHeaders(soupMessage->request_headers);
 

Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp

@@ -87,7 +87,7 @@ void ResourceResponse::updateFromSoupMessageHeaders(const SoupMessageHeaders* me
 
     soup_message_headers_iter_init(&headersIter, headers);
     while (soup_message_headers_iter_next(&headersIter, &headerName, &headerValue))
-        addHTTPHeaderField(String::fromUTF8WithLatin1Fallback(headerName, strlen(headerName)), String::fromUTF8WithLatin1Fallback(headerValue, strlen(headerValue)));
+        addHTTPHeaderField(String(headerName), String(headerValue));
 
     String contentType;
     const char* officialType = soup_message_headers_get_one(headers, "Content-Type");
@@ -108,7 +108,8 @@ CertificateInfo ResourceResponse::platformCertificateInfo() const
 
 String ResourceResponse::platformSuggestedFilename() const
 {
-    return filenameFromHTTPContentDisposition(httpHeaderField(HTTPHeaderName::ContentDisposition));
+    String contentDisposition(httpHeaderField(HTTPHeaderName::ContentDisposition));
+    return filenameFromHTTPContentDisposition(String::fromUTF8WithLatin1Fallback(contentDisposition.characters8(), contentDisposition.length()));
 }
 
 }